Sophos Community
Endpoint

Sophos MDR integrations are now GA; up-to-date documentation can be found at the following link: Integrations

Endpoint integrations allow for the collection of alerts and detections from 3rd party endpoint protection products.

These integrations will be included with your MDR License at no additional charge.

If you have devices with a 3rd party endpoint protection product, you should deploy the XDR Sensor and the Integration for that 3rd party.

XDR Sensor

In addition to setting up an Integration for the 3rd party, please also deploy the XDR Sensor on those devices. The Sophos XDR Sensor is an agent that runs alongside the 3rd party software; it provides information directly to the data lake and allows MDR services to respond to threats detected on the device with Live Response and Live Discover (Queries). To deploy the XDR Sensor you will need to join the 'New XDR Features' EAP. You CAN have multiple EAPs active at the same time, and for accounts testing with 3rd party AV we would like both the Integration and the XDR Sensor deployed.

You can read more on the XDR Features EAP on the community forum: https://community.sophos.com/intercept-x-endpoint/early-access-program/

XDR Sensor:

The EAP begins with the introduction of the XDR Sensor, which is a new deployment option specifically designed for prospects/customers who are unwilling or unable to replace their existing, non-Sophos endpoint protection platform with the full Sophos Intercept X Advanced with XDR agent but are interested in benefiting from our endpoint detection, investigation, and response capabilities. Common examples of this include:

  • Prospects who are currently using a non-Sophos endpoint protection tool but are interested in trialing Sophos as part of a proof-of-concept (POC) without it interfering with their existing endpoint protection platform.
  • Existing customers who are using Sophos endpoint protection (Intercept X Essentials or Intercept X Advanced) in one segment of their environment while using one or more non-Sophos endpoint protection tools in other segments. These customers may be looking to move their entire organization to Sophos over time but need to use the Sophos XDR Sensor to bridge the gap during the consolidation process.
  • Prospects who want to complement a non-Sophos endpoint protection tool with the detection, investigation, and response capabilities enabled through Sophos XDR. In many cases, these will be prospects who only have endpoint protection today but are looking for an immediate path to EDR and XDR capabilities.

Integrations

Integrations provide a direct connection to the 3rd party endpoint protection product to collect alert information for the data lake. These alerts are in addition to detections that have come from the XDR Sensor.

Endpoint integrations (vendor - product, integration type, description):

  • Microsoft - Graph Security API (REST API): The Microsoft Graph Security API includes detections from Defender 365.
  • Blackberry - CylanceOPTICS (REST API): Identifies potential unknown malware, file-less attacks, and zero-day payload execution.
  • Malwarebytes - Endpoint Protection (Log Collector): See threat-related events from Malwarebytes Nebula, a cloud-hosted security platform that protects endpoints and resources, in the Sophos Data Lake.
  • SentinelOne - Singularity Endpoint (REST API): SentinelOne detects threats to endpoints.
  • Broadcom - Symantec Endpoint Security (REST API): Send Symantec Endpoint Security data on vulnerabilities and attacks to the Sophos Data Lake.
  • Trend Micro - Apex Central (Log Collector): Adds notifications from Trend Micro Apex Central, a centralized management console for Trend Micro security products, to the Sophos Data Lake.

© 1997 - 2023 Sophos Ltd. All rights reserved.